From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Sun, 10 Mar 2013 15:52:49 +0100
Subject: [refpolicy] [PATCH 5/6] Denial in mail log on node bind
In-Reply-To: <1362927170-31116-1-git-send-email-sven.vermeulen@siphos.be>
References: <1362927170-31116-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1362927170-31116-6-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

When mails are sent to an IPv6-enabled server, the following denial is otherwise
shown in the mail logs:

postfix/smtp[7620]: warning: smtp_connect_addr: bind <local_ipv6>: Permission denied

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 postfix.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/postfix.te b/postfix.te
index 191a66f..dd59b2a 100644
--- a/postfix.te
+++ b/postfix.te
@@ -702,6 +702,8 @@ allow postfix_smtp_t { postfix_prng_t postfix_spool_t }:file rw_file_perms;
 
 rw_files_pattern(postfix_smtp_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
 
+corenet_tcp_bind_generic_node(postfix_smtp_t)
+
 optional_policy(`
 	cyrus_stream_connect(postfix_smtp_t)
 ')
-- 
1.8.1.5